That's a really good idea and could definitely be done by modifying the getCookieDomain method. I whipped that method up pretty quickly for my own purposes - and you're correct, this currently won't work with two-part TLDs like .co.uk. If I get some spare time (already used 2 days of this project creating the existing valve) I'll add that. But I think there should be 3 use cases in server.xml:
1) Default - just assume 2 parts in cookie domain to extract from server name, like .domain.com:

    <Valve className="org.three3s.valves.CrossSubdomainSessionValve" />

2) Specify number of parts in cookie domain to support .domain.co.uk:

    <Valve className="org.three3s.valves.CrossSubdomainSessionValve" partCount="3" />

#2 could also be used to support multi-level subdomains like a.b.domain.com. RFCs 2109 & 2965 say that a cookie with domain .domain.com will not be sent in a request to a.b.domain.com; instead it would need to be .b.domain.com. I haven't tested that so I don't know if that's accurate in practice or not. You'd need to be careful though if your app supports subdomains with different levels, like a.b.domain.com and c.domain.com etc. You may end up with session cookies for .b.domain.com and .domain.com and I haven't thought enough about whether there would be confusion in a request for c.domain.com or b.domain.com.

3) Specify the actual cookie domain to use:

    <Valve className="org.three3s.valves.CrossSubdomainSessionValve" cookieDomain=".domain.com" />

So to support #2 and #3 CrossSubdomainSessionValve would need partCount and cookieDomain fields with get/set methods and would then use those, if specified, in the getCookieDomain method.

Until I have time to implement & test I will leave this as an exercise to the reader. ;)
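One way the getCookieDomain logic for the three use cases above could look, as an added example that is not part of the original post or the valve's source. The class name, the static signature, the refusal rules (IP literals, hosts outside the configured domain, fewer than two labels) and the sample host names are assumptions made for illustration.

```java
import java.util.Arrays;

// Added illustration; not the CrossSubdomainSessionValve source.
public class CookieDomainExample {

    /**
     * Resolve the session cookie domain for a request host.
     * cookieDomain: explicit value from server.xml (use case 3), or null.
     * partCount: trailing host labels to keep (use cases 1 and 2).
     * Returns null when no shared domain should be set (host-only cookie).
     */
    static String getCookieDomain(String serverName, String cookieDomain, int partCount) {
        if (serverName == null) return null;
        String host = serverName.toLowerCase();
        if (host.endsWith(".")) host = host.substring(0, host.length() - 1);

        if (cookieDomain != null) {
            String bare = cookieDomain.toLowerCase().replaceFirst("^\\.", "");
            // Honor the configured domain only when the request host is inside it.
            boolean inside = host.equals(bare) || host.endsWith("." + bare);
            return inside ? "." + bare : null;
        }

        // IP literals have no parent domain to share a cookie with.
        if (host.contains(":") || host.matches("[0-9.]+")) return null;

        String[] labels = host.split("\\.");
        // Refuse single-label domains and hosts shorter than partCount.
        if (partCount < 2 || labels.length < partCount) return null;
        String[] tail = Arrays.copyOfRange(labels, labels.length - partCount, labels.length);
        return "." + String.join(".", tail);
    }

    public static void main(String[] args) {
        // Constructed sample hosts, one per case discussed in the post.
        String[][] cases = {
            {"www.domain.com", null, "2"},            // use case 1: default
            {"www.domain.co.uk", null, "2"},          // default on a two-part TLD (the failure mode)
            {"www.domain.co.uk", null, "3"},          // use case 2: partCount="3"
            {"a.b.domain.com", null, "3"},            // use case 2: multi-level subdomain
            {"c.domain.com", ".domain.com", "2"},     // use case 3: explicit cookieDomain
            {"c.other.com", ".domain.com", "2"},      // host outside the configured domain
            {"192.168.0.10", null, "2"},              // IP literal
        };
        for (String[] c : cases) {
            String d = getCookieDomain(c[0], c[1], Integer.parseInt(c[2]));
            System.out.println(c[0] + " -> " + d);
        }
    }
}
```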
